Has no filesystem sandbox whatsoever. They just pretend it is fine, causing uBlue devs and others to think it is okay to remove native Firefox
If you like what I do, send me some Monero:
87ZN8URUY1M6GoXpxou4siDKJkLbLKDhT2RScrauzd4gbRyKgoY2ZX3Ut9WuMtkWebisViSE9EVRzVA1SD4kMdtAUPMiZBC
Has no filesystem sandbox whatsoever. They just pretend it is fine, causing uBlue devs and others to think it is okay to remove native Firefox
Btw how are they the only ones hopping on to XZ?? Like, everyone is switching to zstd currently.
I tried the ublue image, when it wasnt under the ublue name yet. Worked pretty great, I will test the current state soon!
Their ISOs are uninstallable. I wanted to test it, will need to to a #silverblue install and rebase… which #uBlue doesnt document ANYWHERE
I guess no Wayland support, which is pretty big
Suffer or pay
Wtf?
I also donated to 2 projects!
Devs need money, because KDE really needs polish, especially in the security and sandboxing field.
Update: yes this is still true. MullvadVPN and ProtonVPN (which I dont recommend) both patch wireguard to work with less logs.
Officially, Wireguard cannot be no-log
Fixing their damn sandbox would be something truly useful.
Implementing a fork server so Flatpak AND Android Firefox can stop being fucking insecure for no reason.
The desktop version uses Electron, a shitty Chromium + Node.js framework for devs that really only want javascript and web tech
True, forgot about that.
Alternatively yeah some system to load the data online, autodelete after a while of not logging into something.
But the question really is “why?”
Disk encryption should deal with everything. Secure boot and usbguard are useful anyways.
THIS prevented you from switching?
Afaik screenshare always worked when using Discord in a browser
Which it isnt
Yeah because Flatpak firefox is damn insecure!
Please dont use it. Firefox devs dont care. Flatpak restricts browsers from spawning “user namespace” sandboxes for filesystem isolation.
Chromium uses a fork server (zygote) and breaks when it cannot spawn these sandboxes. So developers created zypak, which allows to isolate processes using bubblewrap, the Flatpak sandbox.
Firefox just runs without a sandbox, and doesnt have a fork server, so nobody cares.
Without process isolation, you have less duplicated content. This saves space but IT IS INSECURE.
Please use a non-Flatpak Firefox version.
There is no reason why a “Zen Browser” should use less RAM than Firefox.
If something goes wrong, login via ssh (you know the dynamically changing IP) and remove a directory or the entire user.
You cannot avoid that a user would copy files from there to a usb stick. Well you could, by using usbguard. Works really well in my experience, just prevent nonsudo users from adding new devices.
And then you need to prevent the user from booting another system, or taking out the SSD and reading it. TPM and boot lock is the right thing here, what Max-P wrote.
Lol as a Fedora Discussion member, NVIDIA issues are there but like 10%
So how is this vendor lockin?
I can imagine that theirs is safer and more suited for targeted devices. Linux is extremely generalistic and has a ton of cruft.
But I have never looked at their code or tried to port a Linux app to Android. The #Krita devs might have some insight here.
They dont use GNU or glibc or systemd
It was easier than taking over zstd for sure